A file system defines a methodology for naming files and placing them into storage devices for retrieval. File system functionality can be described with respect to two components, a user component and a storage component. The user component is responsible for managing files within directories, file path traversals and user access to a file. The storage component of the file system determines how a file is stored physically on the storage device.
An Intrusion Detection System (IDS) is a device or software application that monitors network and/or system activities for malicious activity or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt, but this is generally not required or expected of a monitoring system.
An Intrusion Prevention System (IPS) is usually considered an extension of intrusion detection systems. While both monitor network traffic and/or system activities for malicious activity, unlike intrusion detection systems, intrusion prevention systems are placed in-line and are able to actively prevent or block intrusions that are detected.
Intrusion Detection and Prevention Systems (IDPS) include antivirus systems that typically record information related to observed events, notify security administrators of important observed events, and produce reports. Antivirus software is used to prevent, detect, and remove malware, including, but not limited to, computer viruses, computer worms, Trojan horses, spyware and adware. Computer security, including protection from social engineering techniques, is commonly offered in products and services of antivirus software companies. Antivirus techniques are based on signature-based detection, heuristic-based detection and file emulation.
An IDPS may respond to a detected threat by attempting to prevent it from succeeding. It may use several response techniques which involve stopping the attack itself, changing the security environment (e.g., reconfiguring a firewall), or changing the attack's content. An IDPS may take some action to avoid or restrict external access to computer systems upon suspicion or detection of a system or device intrusion or breach, for example blocking network ports, restricting system policies, etc. It may also alert an administrator (“admin”) as to a suspected intrusion or breach, wherein the admin is expected to take application-specific action in response, for example, to restrict file system level policies, etc.